<?php
// 论坛功能函数集
session_start();
$conn=new mysqli("localhost","root","","yhx");
$conn->query("set names 'UTF8'");
// 信息提示窗口
function show_msg($msg,$url){
	$win_str = "<meta http-equiv='refresh' content='3; url=".$url."' />
<style type='text/css'>
body,td,th {
	font-size: 14px;
}
a{
	text-decoration:none;
			color:red;
}
</style>
<table width='200' border='1' align='center'>
  <tr>
    <td align='center'><strong>提示窗口</strong></td>
  </tr>
  <tr>
    <td align='center'><p>".$msg."</p>
    <p>3秒后跳转失败，<a href=".$url.">点击</a></p></td>
  </tr>
</table>";
	echo $win_str;
	exit();
}
// 注册功能
function register($user,$pw,$tele){
   global $conn;
    $sql="insert into yhx_user(username,password,telephone,score,level) values('$user','$pw','$tele',0,'新兵')";
    $res=$conn->query($sql);
    if ($res){
       show_msg("注册成功！","login.php");
    }else {
        show_msg("注册失败！","register.php");
    } 
}
// 登录功能
function login($user,$pw){
    global $conn;
//     $sql="select * from yhx_user where username='$user' and password='$pw'";
//     $res=$conn->query($sql);
//     if ($res->num_rows>0){
//         $row=$res->fetch_assoc();
//         $_SESSION['user']=$row['username'];
//         show_msg("欢迎".$_SESSION['user']."访问！","lyb.php");
//     }else {
//         show_msg("用户名或密码错误！","login.php");
//     }
// 用预处理的方法更安全，优化登录功能代码
    $sql="select * from yhx_user where username=? and password=?";
    $stmt=$conn->prepare($sql);
    $stmt->bind_param("ss",$user,$pw);
    $stmt->execute();
    $res=$stmt->get_result();
    if ($res->num_rows>0){
        $row=$res->fetch_assoc();
        $_SESSION['user']=$row['username'];
        show_msg("欢迎".$_SESSION['user']."访问！","lyb.php");
    }else {
        show_msg("用户名或密码错误！","login.php");
    }
}

function logout(){
    session_destroy();
    show_msg("退出登录","login.php");
}
//发表留言
function publish_ly($title,$type,$cont){
    global $conn;
    $sql="insert into lyb_info(title,ly_type,content,author,ly_time) values('$title','$type','$cont','".$_SESSION['user']."','".date("Y-m-d H:i:s")."')";
    $res=$conn->query($sql);
    if ($res){
//         用户积分增加
        $sql_add="update yhx_user set score=score+5 where username='".$_SESSION['user']."'";
        $res_add=$conn->query($sql_add);
//         获取用户当前等级、积分
        $sql_curr="select * from yhx_user where username='".$_SESSION['user']."'";
        $res_curr=$conn->query($sql_curr);
        $curr_user=$res_curr->fetch_assoc();
        $curr_level=$curr_user['level'];
        $curr_score=$curr_user['score'];
//         获取当前等级的下一等级
        $sql_curr_level="select * from lyb_level where level_name='$curr_level'";
        $res_curr_level=$conn->query($sql_curr_level);
        $user_curr_level=$res_curr_level->fetch_assoc();
        $sql_next_level="select * from lyb_level where id>".$user_curr_level['id']." order by id asc limit 1";
        $res_next_level=$conn->query($sql_next_level);
        $user_next_level=$res_next_level->fetch_assoc();
        $next_score=$user_next_level['level_score'];
        $next_level=$user_next_level['level_name'];
//         比较当前积分和下一级别所需积分，判断是否升级
        if($curr_score>=$next_score){
            $sql_upd="update yhx_user set level='$next_level' where username='".$_SESSION['user']."'";
            $res_upd=$conn->query($sql_upd);
            if($res_upd){
                show_msg("留言成功，升级为".$next_level,"view.php");
            }else {
                show_msg("留言成功，级别已达到最高级，无法升级！","view.php");
            }
        }
        show_msg("留言成功！","view.php");
    }else {
        show_msg("留言失败！","lyb.php");
    } 
}
// 获取个人信息
function get_person_info(){
    global $conn;
//     获取个人积分和等级
    $sql="select * from yhx_user where username='".$_SESSION['user']."'";
    $res=$conn->query($sql);
    $row=$res->fetch_assoc();
//     获取留言次数
    $sql_l="select * from lyb_info where author='".$_SESSION['user']."'";
    $res_l=$conn->query($sql_l);
    $ly_num=$res_l->num_rows;
//     最近留言时间
    $sql_t="select * from lyb_info order by ly_time desc limit 1";
    $res_t=$conn->query($sql_t);
    $ly_t=$res_t->fetch_assoc();
    $ly_last=$ly_t['ly_time'];
    
    $person=array("username"=>$row['username'],"level"=>$row['level'],"score"=>$row['score'],"telephone"=>$row['telephone'],"ly_time"=>$ly_num,"ly_last"=>$ly_last);
    return $person;
}
// 修改密码
function changePW($pw){
    global $conn;
    $sql="update yhx_user set password='".md5($pw)."' where username='".$_SESSION['user']."'";
    $res=$conn->query($sql);
    if($res){
        show_msg("密码修改成功！","person.php");
    }else {
        show_msg("密码修改失败！","person.php");
    }
}
//发表回复
function rpl_public($lyb_id,$cont){
    global $conn;
    $sql="insert into lyb_rpl(lyb_id,rpl_cont,rpl_time,rpl_author) values('$lyb_id','$cont','".date("Y-m-d H:i:s")."','".$_SESSION['user']."')";
    $res=$conn->query($sql);
    if($res){
        show_msg("回复成功！","disp.php?id=".$lyb_id);
    }else {
        show_msg("回复失败！","disp.php?id=".$lyb_id);
    }
}